NWebSec, Content Security Policy & AI

microsoft / ApplicationInsights-dotnet

ApplicationInsights-dotnet

MIT License

566 stars 285 forks source link

NWebSec, Content Security Policy & AI #123

Closed naeemsarfraz closed 8 years ago

naeemsarfraz commented 8 years ago

Is the client side script tracking code compatible with CSP's?

I'm struggling to configure it with the NWebSec nuget package.

Refused to connect to 'http://dc.services.visualstudio.com/v2/track' because it violates the following Content Security Policy directive: "connect-src 'self'".

SergeyKanzhelev commented 8 years ago

Can you please give more details? Looking at documentation for NWebSec it seems to be possible to configure dc.services.visualstudio.com as an additional connect-src source. Have you tried it?

SergeyKanzhelev commented 8 years ago

@MaxShehovtsov FYI

naeemsarfraz commented 8 years ago

Thank you, yes it is supported I was focused on script src and missed the fact that I needed to configure the connect-src.